The new reality of Awareness training platforms

The new reality of Awareness training platforms

Letter to our partners

The reality for all platforms such as SMARTFENSE has changed over the years. Several of our partners have become aware of this evolution.

The platforms, originally simple “plug and play” solutions, have evolved towards systems that require careful configuration and customisation to function correctly. This change, a consequence of the inherent complexity of our customers’ organisations, has generated the need to adjust to this new reality.

Just five years ago, it was feasible to perform phishing simulations with minimal configuration, with results that, at worst, were relegated to the SPAM folder. Today, however, sending a phishing simulation without configuring the whitelist has two adverse consequences for the customer:

  • Emails are blocked and do not reach the user.
  • The distortion of data, which affects campaigns, showing false interactions.

This scenario has a direct impact on SMARTFENSE’s services:

  • Unnecessary inclusion of our domains in blacklists, which implies constant management for their rehabilitation.
  • The service is overloaded due to the intense activity of the technologies involved, a situation that could be avoided through appropriate whitelist configurations.

Challenges inherent in technology detection

Customers’ operating environment is very complex and difficult to discern even for them. Customer willingness and collaboration are crucial elements for us, as the identification of their implemented technologies becomes a challenging task without their cooperation.

Their behaviour often lacks predictability: internal configurations, unexpected updates or partial implementations in the customer’s environment. Automatically detecting these variations becomes an impossible task for us and our partners, as well as for other cyber security solution vendors, and is a shared challenge.

We emphasise that it is not just a matter of initial configuration, but that ongoing validation is essential.. Every phishing or ransomware simulation launched through test campaigns must undergo thorough validation. This procedure becomes necessary due to fluctuations in customer realities between campaigns, even when technologies and configurations remain seemingly constant.

We have observed that these variations in Microsoft, Google, and almost all security technologies have an impact on the performance of the technologies, affecting the delivery of the simulations.

What is the proposal from SMARTFENSE?

  • Anti-blocking methods:

    • This is achieved from the whitelist: from SMARTFENSE we inform about which domains must be configured in the client’s tools. Eventually, we can collaborate in the identification of these technologies, but, to be honest, we do it almost blindly, as they use techniques that make them difficult to detect (both at IPs and user agents level), so it is a very complex reverse engineering work.
    • ThorughDMI (Direct Message Injection),injecting emails directly into the user’s inbox (only available for Microsoft and Google).
  • Methods to prevent statistics from being affected:

    • UAdifferenciatorof SMARTFENSE compared to its competitors is hiding of statistics. However, this procedure should not be seen as a substitute for whitelisting, but rather as a palliative in exceptional situations. If for some reason, despite having configured them, the tools interact with the emails, it is then that the statistics hiding function should be used. This option should be applied before launching campaigns, identifying the technologies that interact with SMARTFENSE.

What do we expect from our partners?

  • First of all, we want to clarify thatSMARTFENSE does not fail because it cannot deliver an email or because it presents false data in the campaign. SMARTFENSE is operating as intended, sending emails and evaluating the subsequent interaction. The issue is that, if the anti-blocking methods mentioned above (and, where required, stats hiding) have not been applied, there is a possibility that the emails sent may not reach the inbox, or if they do arrive successfully, they may capture false interaction data with other technologies.
  • We need to be on the same teamand face these challenges together, as switching from SMARTFENSE to another tool does not solve the problem. There is no awareness platform that can magically solve this. In fact, we are the only platform that has the ability to hide statistics affected by software interactions.
  • It is essential to explain the customersthat they cannot simply demand that it works.. They must understand that SMARTFENSE is not failing; rather, it is something we cannot fully control, and they are the only ones who, with our help, can make it all flow correctly. Active collaboration on the part of the client is key to the successful implementation and use of our platform .

There is no magic potion

We’re not magicians, so we spend time creating resources for both customers and our partners to understand that a phishing and ransomware simulation is not something that can be improvised.. It requires planning and preparation, and despite doing everything right, complications can arise. For example, we explored this topic in detail in a blog post and in one of our webinars.

We have had cases where things didn’t work out as expected due to a lack of willingness on the part of the client, who sometimes don’t even want to get involved. But we have also had cases of resounding success, such as that of the former CISO of Banco de Crédito e Inversiones (BCI), who clearly highlights the importance of the customer’s active participation in the process. You can read more about this success story here: Case Study – Hiding Software Generated Statistics.

What does the future hold?

We have noticed that our platform no longer behaves as we expect it to if the right configurations,, such as whitelists. A few years ago, we could cross our fingers and sometimes everything worked, but this is no longer the case. That’s why we have stepped up our requirements for whitelist configuration. Here are some details:

  • In real campaigns, we will include warnings to emphasise the importance of setting up whitelists and running test campaigns. If you do not follow these steps, we are not responsible for the results. We will even incorporate specific messages into test campaigns.
  • In our Terms and Conditions of Service, we make it clear that if we detect repeated campaign launches without whitelisting, we will suspend the service until whitelisting is done. We want to make sure that we are all on the same page and working together to ensure the success of our operations.

Optimizing collaboration

We see this as a valuable opportunity for both our partners and SMARTFENSE.

  • For our partners, the need for expertise to optimise the performance of SMARTFENSE is evident.. It is not simply a plug & play system.. Therefore, specialised services are required not only for the initial implementation, but also for ongoing support.
  • In the case of SMARTFENSE, this situation allows us to stand out in comparison to larger but less closely related manufacturers. Although these giants may face the same challenges (or even greater, lacking the false positive concealment function), the willingness and attention we offer from SMARTFENSE is impossible to match.

In conclusion, we see this juncture as an opportunity to further strengthen our ties, working as a cohesive team. We are committed to achieving results that are probably unattainable for other manufacturers in this new reality.

Mauro Graziosi

Experto en Seguridad de la Información, fundador y CEO de SMARTFENSE. Cuenta con 20 años de trayectoria en ciberseguridad. A lo largo de su carrera profesional generó diferentes proyectos enfocados siempre en la ciberseguridad y la educación a distancia. En 2016 fundó SMARTFENSE con la misión de satisfacer los requisitos y urgencias de los CISOs de Iberoamérica, obteniendo el Primer Premio del programa Cybersecurity Ventures 2018 del INCIBE. Su objetivo personal es convertir a los usuarios en un componente clave de la estrategia de ciberseguridad de las organizaciones a través de la concienciación.

Leave a Reply